Over Ten Percent of Fortune 500 Still Infected by DNSChanger

Google is embarking on an effort to notify Internet users if their computers or home routers are still infected with the DNSChanger Trojan, a piece of sophisticated malware that has compromised an estimated 500,000 systems. The outreach campaign comes a little more than a month ahead of July 9, the date on which the FBI is set to take all computers corrupted with the malware offline.

The FBI ended a major online DNS threat last year, but arresting the criminals and shutting down their servers would have left millions without internet service, so the servers were replaced. Here’s how to find out if you could lose your internet connection on July 9th.

The trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of the trojan. As a result of this change, a victim's computer will contact the newly assigned DNS server to resolve the names of different web servers.

Variant

Trojan.Win32.DNSChanger.al: Lately we got a few samples of this trojan that were named 'PayPal-2.5.200-MSWin32-x86-2005.exe'. This trojan was programmed to change the DNS server of a victim's computer to the address 193.227.227.218.

Manual Way to Remove it:

If a manual check of the DNS nameserver system is desired, then here are the steps for Windows XP and newer:

Click on Start --> Run, then type “cmd” in the box, no quotes.

In the command window, type “ipconfig /all”, again no quotes.

Scroll down through all the other data and find “DNS Servers.” The entry will look either like this: 192.168.2.1, or like this: fec0:0:0:ffff::1%1. In the second case your router uses IPv6 and you can’t manually check the connection. Write down the addresses of the nameservers you are using.
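As an added example (not part of the original article), the Python below automates the comparison step of this manual check: it parses `ipconfig /all` output, including the continuation lines that hold a second nameserver, and flags any resolver matching the 193.227.227.218 address named above. The sample output and all function names are constructed for illustration.

```python
import ipaddress
import re

# Resolver address the page reports for the Trojan.Win32.DNSChanger.al sample.
ROGUE_RESOLVERS = {ipaddress.ip_address("193.227.227.218")}

# Constructed `ipconfig /all` excerpt, not captured from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.2.50(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       193.227.227.218
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo:
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
"""

def _parse(token):
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def dns_servers(text):
    """Collect addresses on 'DNS Servers' lines and their continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        token = m.group(1) if m else line.strip()
        addr = _parse(token) if (m or in_dns) else None
        in_dns = addr is not None  # any non-address line ends the DNS entry
        if addr is not None:
            found.append(addr)
    return found

def classify(addr):
    if addr in ROGUE_RESOLVERS:
        return "rogue"           # matches the address named on the page
    if addr.version == 6:
        return "ipv6-unchecked"  # the manual steps above do not cover IPv6 entries
    if addr.is_private:
        return "router"          # local router answers DNS; inspect its own settings
    return "public"              # compare by hand with the resolvers your ISP assigns

def audit(text):
    return [(str(a), classify(a)) for a in dns_servers(text)]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A "router" verdict only means the PC points at the local gateway; the router's own DNS settings still need the same comparison, since the malware can also alter home routers.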

There are a lot of cool things you can do with 1,000 bucks, but scientists at an Austin, Texas college have come across one that is often overlooked: for less than a grand, how’d you like to hijack a drone? And play with it?

The University of Texas at Austin team successfully nabbed the drone on a dare from the Department of Homeland Security. They managed to do it through spoofing, a technique where a signal from hackers pretends to be the same as one sent to the drone's GPS.

A group of researchers led by Professor Todd Humphreys from the University of Texas at Austin Radionavigation Laboratory recently succeeded in raising the eyebrows of the US government. With just around $1,000 in parts, Humphreys’ team took control of an unmanned aerial vehicle owned by the college, all in front of the US Department of Homeland Security.

After being challenged by his lab, the DHS dared Humphreys’ crew to hack into a drone and take command. Much to their chagrin, they did exactly that.

Explanation: Humphreys tells Fox News that for a few hundred dollars his team was able to “spoof” the GPS system on board the drone, a technique that involves mimicking the actual signals sent to the global positioning device and then eventually tricking the target into following a new set of commands. And, for just $1,000, Humphreys says the spoofer his team assembled was the most advanced one ever built.

“Spoofing a GPS receiver on a UAV is just another way of hijacking a plane,” Humphreys tells Fox. The real danger here, however, is that the government is currently considering plans that will allow local law enforcement agencies and other organizations from coast-to-coast to control drones of their own in America’s airspace.

“In five or ten years you have 30,000 drones in the airspace,” he tells Fox News. “Each one of these could be a potential missile used against us.”

Domestic drones are already being used by the DHS and other governmental agencies, and several small-time law enforcement groups have accumulated UAVs of their own as they await clearance from the Federal Aviation Administration. Indeed, by 2020 there are expected to be tens of thousands of drones diving and dipping through US airspace. With that futuristic reality only a few years away, Humphreys’ experiment suggests that the FAA may have their work cut out for them if they think it’s as easy as just approving domestic use anytime soon. After all, reports Newser, domestic drones are likely to use the same unencrypted GPS signals provided to civilians, allowing seemingly anyone with $1,000 and the right research to hack into the system and harness a UAV for their own personal use.

Researchers at Tokyo-based anti-virus firm Trend Micro have discovered a new twist on banking Trojans that doesn't interact with the victim at all.

Standard banking Trojans dupe an account holder to log into a duplicate of his bank's website, thereby conning him into giving up his username, password and account number, which they use to log in after he's done. This new variant, which can be grafted into the existing banking Trojans ZeuS or SpyEye, infects computers the old-fashioned way: It either infects Web browsers via a drive-by download or piggybacks as an attachment on a phishing email.

It then hides in the Web browser and waits for the user to log into his bank's site. Once he does, it introduces special software that triggers an automatic transfer system that moves money out of the victim's account to another account within the same bank, and covers up the evidence so that neither the user nor the bank notice right away.

"As long as a system remains infected with an ATS, its user will not be able to see the illegitimate transactions made from his/her accounts," wrote Trend Micro researcher Loucif Kharouni. "This essentially brings to the fore automated online banking fraud because cybercriminals no longer need user intervention to obtain money."

Pulling off such a heist is complicated. The malware must often be custom-made for each bank website, which involves lots of research and coding on the part of the malware authors, and results in high prices for each piece in cybercrime bazaars.

Destination accounts must also be created at the targeted banks so that the malware has a place to deposit the stolen money, and a network of "money mules" must be recruited to access the destination accounts and move the money again, this time out of the bank.

Furthermore, writes Kharouni, the amounts transferred must be fairly small in order not to trigger alerts within the banking system. The Trend Micro researchers saw amounts ranging from 500 euro to 13,000 euro ($635 to $16,500 in U.S. dollars).

The most commonly targeted banks are in Britain, Italy and Germany, countries where, according to Trend Micro, online-banking verification practices are strong — and hence necessitate the use of stealthy malware that needs no verification at all.

American banks are apparently not on the menu yet. Kharouni cites two reasons: First, it's not easy for online criminals based in Eastern Europe to open up accounts in U.S. banks; and second, most American banks have weak verification methods that make the older, cheaper variants of banking Trojans still profitable on these shores.

To avoid being hit by a banking Trojan, whether old or new, make sure to have robust anti-virus software installed on your PC or Mac, and set it to automatically update its malware definitions.

Security experts have identified a new crimeware kit that is mainly designed to launch distributed denial-of-service (DDoS) attacks against companies, with the purpose of damaging their reputation and blackmailing them. It was first revealed on an underground hacking forum about June 25, 2012, and it costs only 100 EUR.

Zemra is similar to other crime packs such as ZeuS and SpyEye, being controlled from the same type of panel which allows the botmaster to launch commands and view the number of infections.

Backdoor.Zemra’s main functionality is to launch DDoS attacks, but it also comes with a number of other interesting features. It’s able to monitor devices, collect system information, execute files, and even update or uninstall itself if necessary.

The following are functions in Zemra:

- Intuitive control panel
- DDoS (HTTP / SYN Flood / UDP)
- Download and execution of binary files
- Loader (load and run)
- Cheat visits (visits to the page views)
- USB Spread (spread through pen drives)
- Socks5 (picks up socks proxy on the infected machine)
- Update (updates the bot)
- The process cannot be completed because it is critical.

To reduce the possibility of being infected by this Trojan, Symantec advises users to ensure that they are using the latest Symantec protection technologies with the latest antivirus definitions installed.

Mir Islam exits the Manhattan Federal Court in New York June 26, 2012. Islam, known online as "JoshTheGod," was one of two people arrested in the New York area. PHOTO: REUTERS

NEW YORK: At least 24 people were arrested in the United States and abroad in a US-led sting operation targeting cyber criminals buying and selling stolen credit card information, officials said Tuesday.

US Attorney Preet Bharara said the probe uncovered “a breathtaking spectrum of cyber schemes and scams.”

Those accused in the scheme, he said “sold credit cards by the thousands and took the private information of untold numbers of people… the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera.”

The two-year operation began in June 2010, when the FBI established an undercover “carding forum,” aimed at mimicking the sites operated by criminals to buy and sell account numbers, or trade other information.

The site called “Carder Profit” was configured to allow the FBI to monitor and to record the discussion threads and private messages, and to track those using the site through their IP addresses.

Because the FBI was able to warn those affected by compromised accounts, the operation “prevented estimated potential economic losses of more than $205 million, notified credit card providers of over 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks,” a statement by prosecutors said.

Eleven people were arrested in the United States and 13 others arrested overseas, in seven different countries, a statement by prosecutors said.

Six people were arrested in Britain, two in Bosnia, and one each in Bulgaria, Norway and Germany on charges in those countries.

Two others were arrested in foreign countries, Italy and Japan, based on provisional arrest warrants obtained in connection with complaints in New York.

“As the cyber threat grows more international, the response must be increasingly global and forceful,” Bharara said.

“The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries.”

Of the 11 held in the United States, two are minors.

One of those arrested, Mir Islam, who uses the name “JoshTheGod,” claimed to be a member of UGNazi, a group that has claimed credit for numerous recent online hack attacks, and a founder of Carders.Org, a carding forum on the Internet. Officials said he had information for more than 50,000 credit cards.

As a result of the operation, the FBI seized the web server for UGNazi.com, and seized the domain name of Carders.org, taking both sites offline.

In a separate, unrelated development, a security report Tuesday said a wave of cyber attacks has likely stolen at least $80 million from bank accounts in Europe.

The joint report by Guardian Analytics and McAfee said “Operation High Roller” was led by criminals attacking cloud-based servers in a global fraud campaign.

The report from the two US firms said the attacks tried to steal between $75 million and $2.5 billion (60 million to two billion euros) from at least 60 banks worldwide.

Mr. Badoo is one of the most famous and oldest hackers of Pakistan in cyberspace. He was arrested by the FBI on June 25, 2012 for hacking into the PC of Andy, who created an event of drawing the Prophet Muhammad (SAW). He hacked Andy's account and removed that event from Facebook.

It has been almost 2 years now. It all started with a maniac’s malicious efforts of maligning Islam when he, by the name of Andy, started a Facebook event of drawing the Prophet Muhammad’s (SAW) picture with the sole intention of maligning the image of Islam and hurting the millions of followers of Islam throughout the world. Though he and many of his supporters call this an act of “freedom of speech”, they failed to reason as to why only the Prophet Muhammad (SAW) was considered.

Their aim is crystal clear: they only want to create ruckus and anger among 1.5 billion Muslims across the globe, and to malign the image of our beloved Prophet Muhammad (SAW).

They almost succeeded in their efforts, but thanks go to Muslims all over the world, and especially to the Pakistani government, who protested this event without an iota of delay. The Pakistani government took a very good step in imposing a temporary ban on Facebook, YouTube and some other such websites that were the communication mode of the drawing event.

We have the power of e-media. Spread this as much as possible through blogs, YouTube videos, discussion threads, forums, communities. Make it so frequent and often that in every search query of Google, our messages are displayed, everywhere. Mr. Badoo (Ali) needs us, we must not step back.

Remember, we will be questioned by Allah about what we did to support our brother when he stood alone for us. Let us not make ourselves sinners for that day. Please do stand, our brother needs us. Don’t step back.

May Allah give us hidayah and courage to stand for our brother, and give brother Ali the courage to stand against the biased people.